![]() ![]() In this beginner’s guide on how to use Dropbox, we’re going to go over its basic functions and simple ways you can start interacting with it across multiple devices. Last Updated: 26 Jan'23 T16:53:35+00:00ĭropbox is a fantastic option for those looking for an easy-to-use, low-cost cloud storage platform. MP4 Repair: How to Fix Corrupted Video Files in 2019.Best Choice Stellar Phoenix Data Recovery.How to Create a Strong Password in 2023: Secure Password Generator & 6 Tips for Strong Passwords.How to Securely Store Passwords in 2023: Best Secure Password Storage.Best Password Manager for Small Business.How to Access the Deep Web and the Dark Net.Online Storage or Online Backup: What's The Difference?.Time Machine vs Arq vs Duplicati vs Cloudberry Backup.“The discovery of the new cyber espionage tools along with the connection to previously identified tools used by the group suggest that Molerats is increasing their espionage activity in the region in light of the current political climate and recent events in the Middle East,” Cybereason concludes. NET malware can perform WMI commands for reconnaissance, check the system for debuggers, restart the system, send OS info to the C&C, download additional payloads, and achieve persistence. Previously undocumented, the MoleNet downloader appears to have been in use since 2019, while its infrastructure might have been active since 2017. ![]() The malware can fetch and run a broad range of payloads, including an updated version of itself, the MoleNet downloader, Quasar RAT, SharpStage, and ProcessExplorer (legitimate tool used for reconnaissance and credential dump). The threat only executes if WinRAR and an Arabic keyboard are present on the infected system. The malware can capture screenshots, download and execute files, execute arbitrary commands, and unarchive data fetched from the C&C.īuilt by the developer behind JhoneRAT, DropBook is a Python-based backdoor capable of performing reconnaissance, executing shell commands, and downloading and executing additional malware. NET backdoor, show compilation timestamps between October 4 and November 29, 2020. Phishing lures used in these attacks include Hamas elections, Israeli-Saudi relations, Palestinian politicians, and other political events. The malware families were used to target political figures and government officials in the Palestinian Territories, Egypt, Turkey, and UAE, among other Middle East regions. “The newly discovered backdoors were delivered together with the previously reported Spark backdoor, which along with other similarities to previous campaigns, further strengthens the attribution to Molerats,” Cybereason notes. The overlap suggests a close connection between Molerats and APT-C-23 (Arid Viper), both considered sub-groups of Gaza Cybergang. The security researchers also identified new activity targeting Turkish-speaking entities with the Spark backdoor, as well as a separate campaign in which a new Pierogi variant is used against targets also infected with DropBook, SharpStage, and Spark. Google Drive is also abused for payload storage. For example, both use a Dropbox client for data exfiltration and for storing espionage tools, while DropBook is controlled through fake Facebook accounts. What makes the backdoors stand out is the use of legitimate online services for nefarious purposes. All three malware families allow attackers to run arbitrary code and collect data from the infected machines and have been used in an espionage campaign actively targeting Arab-speaking individuals in the Middle East. Now, Cybereason reveals that Molerats has expanded its toolset with the addition of two backdoors named SharpStage and DropBook, along with a downloader called MoleNet. Roughly a month later, Palo Alto Networks revealed that the group had expanded its target list to include insurance and retail industries, in addition to the previously targeted government and telecommunications verticals. ![]() In early 2020, security researchers at Cybereason’s Nocturnus group published information on two new malware families used by the APT, namely Spark and Pierogi. Likely active since at least 2012 and also referred to as Gaza Hackers Team, Gaza Cybergang, DustySky, Extreme Jackal, and Moonlight, the group mainly hit targets in the Middle East (including Israel, Egypt, Saudi Arabia, the UAE and Iraq), but also launched attacks on entities in Europe and the United States. Two new backdoors have been attributed to the Molerats advanced persistent threat (APT) group, which is believed to be associated with the Palestinian terrorist organization Hamas. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |